> ## Documentation Index
> Fetch the complete documentation index at: https://arize-ax.mintlify.site/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Skills and Permissions

> Configure improvement loop skills (GitHub, Arize, Datadog, custom), store secrets, attach skills to presets, and understand RBAC.

**Skills** in AX Agent Improvement Loop are **account-level integrations** that give sandbox workers access to external systems. They are separate from [Arize Skills in your local coding agent](/ax/set-up-with-ai-assistants)—same ideas, different runtime (managed sandbox vs your laptop).

Enable skills to access external sources like Datadog and GitHub, or to expand Arize API access beyond default trace read.

## Where to configure

| Location                 | Use for                                                                                                                           |
| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------- |
| **More → Agent Skills**  | Create, edit, and delete skills for the account                                                                                   |
| **More → Agent Presets** | Attach one or more skills to a preset                                                                                             |
| **Agent Studio**         | Pick a preset (skills come from the preset), attach skills for a one-off run when **None** is selected, or open **Manage Skills** |

Repo appears on a preset only when a **GitHub** skill is selected.

## Built-in skill types

### GitHub

Lets the worker authenticate to GitHub (clone, branch, open PRs).

**Secrets:** `GH_TOKEN` — personal access token or GitHub App token with the scopes your workflow needs (repo read and/or write).

**Repo field:** After you add a GitHub skill to a preset, set the repository the worker should use for that preset.

### Arize

**Optional.** Workers already have **read access to traces** on the bound project without this skill. When a run starts, the platform provisions a short-lived credential scoped to that project—enough for investigations, Signal, and other trace-only tasks.

Add an **Arize** skill when you need to **expand** what the worker can do in Arize beyond reading spans on the bound project—for example:

* Query or update **datasets** and **experiments**
* Create or run **evaluators**
* Apply **annotations** or manage other Arize resources via the API

**Secrets:** `ARIZE_API_KEY` — an API key with the permissions the workflow needs (same style as the AX CLI or API). The worker can only call APIs that key is allowed to use.

Attach the skill on the preset in **Agent Presets** (or for a one-off run in Agent Studio). Use a dedicated key with **least privilege**; do not reuse a personal admin key unless the workflow requires it.

### Datadog

Lets the worker query Datadog alongside Arize traces.

**Secrets:**

* `DD_API_KEY`
* `DD_APP_KEY`
* `DD_SITE` (optional; defaults to `datadoghq.com`)

### Custom skill

Install a skill from a **GitHub repository** into the sandbox (for example, an internal runbook or a fork of an Arize skill).

**Required fields:**

* **Name** — Letters, numbers, spaces, hyphens, underscores, periods (max 253 characters).
* **Install source** — GitHub repo only. Accepted: `https://github.com/owner/repo`, `git@github.com:owner/repo`, or `owner/repo`.
* **Description** — How the harness should use the skill (max 1000 characters).
* **Installer** — `github` (git clone).

Custom skills may use optional env vars if your skill needs them; non-custom providers require at least one secret.

## Add a skill

<Steps>
  <Step title="Open Agent Skills">
    From **More → Agent Skills**, or **Manage Skills** in Agent Studio / Agent Presets.
  </Step>

  <Step title="Choose provider">
    Select **GitHub**, **Arize**, **Datadog**, or **Custom skill**.
  </Step>

  <Step title="Enter secrets">
    Paste secrets as `ENV=value` lines or a JSON object. The UI shows which env vars will be stored (for example `GH_TOKEN`, `DD_API_KEY`).
  </Step>

  <Step title="Save">
    The skill is available to attach on any preset in the account.
  </Step>

  <Step title="Attach to a preset">
    In **Agent Presets**, select the skill(s) for that preset. For GitHub, set the **repo** after the skill is attached.
  </Step>
</Steps>

## Permissions

Who can do what in the app today:

| Action                                                          | Who                                                                                |
| --------------------------------------------------------------- | ---------------------------------------------------------------------------------- |
| **Create / update / delete skills**                             | **Account admin**                                                                  |
| **Create / update agent presets**                               | **Account admin**                                                                  |
| **Start a session or automation** (Agent Studio, Signal enable) | User with **write access** to the space (and project permissions where applicable) |
| **Enable Signal on a project**                                  | User with **project update** permission                                            |
| **Delete a sandbox job**                                        | User with access to that job in the space                                          |
| **Send messages / attach to a running job**                     | User with access to that job                                                       |

**Annotators** cannot manage skills or presets.

Starting a worker may require **developer**-level access or account admin when the platform provisions a **short-lived service key** for the sandbox. If job creation fails with a permissions error, ask an account admin to grant the needed space role or developer permission.

Signal and trace-backed workers only read projects you can already access in the UI—they do not elevate privileges.

## Security practices

* **Least privilege** — GitHub tokens with read-only scope until you need PRs; Datadog keys with minimal API scopes.
* **One skill per integration** — Reuse the same skill across presets instead of duplicating secrets.
* **No secrets in prompts** — Put credentials only in the skill definition.
* **Review outputs** — Treat PRs and investigation suggestions like any other untrusted automation output until reviewed.
* **Custom skills** — Only install repos you trust; the sandbox clones and executes skill code during the run.

## Signal and skills

The built-in **Signal** preset uses **project traces only**—no extra skills required to detect issues. To let Signal open fix PRs, use **Attach Repo** on the [Signal](/ax/agents/get-started-with-signal#attach-a-repo-for-fix-prs) tab. For other skills (for example Datadog), create a custom preset and point the Signal automation at it.

## Related docs

* [Agent Presets](/ax/agents/agent-presets) — Attach skills to reusable configs
* [How agents work](/ax/agents/how-agents-work) — Sandboxes, data access, and boundaries
* [Agent Studio](/ax/agents/agent-studio) — Start runs from presets or ad hoc
* [Arize Skills (local)](/ax/set-up-with-ai-assistants) — Install skills in Cursor, Claude Code, etc.